Active Directory Integration

 

Active Directory (AD) is a directory service developed by Microsoft for Windows networks. It is included in most Windows Server operating systems. AD authenticates and authorizes users when they log in (i.e. it checks the password and determines the user’s access level). AD makes use of the Lightweight Directory Access Protocol (LDAP).

 

AD is organised into Domains - logical groups of network objects (computers, users, devices) that share the same Active Directory database.

 

Within each Domain are Groups where administrative policies (access rights) are defined.

 

Within SCANNELL the AD Domain & Group structure is mapped to an equivalent User Domain & User Group structure.

 

Each user belongs to a User Domain. The default domain is called “SCANNELL”. When Active Directory is used, one or more domains can be configured and the user has to pick their domain when logging in.

 

 

Customers who use Active Directory (AD) are given a special licence which allows Modules/Access Levels to be assigned to User Groups. This allows Active Directory customers to do a one-off configuration in SCANNELL and then manage Users entirely within Active Directory.

 

The User Domains page shows the Domains that have been configured.

 

The Modules page shows the Users for each Module/Access right.

The Groups page is used to set up and show Groups used within the Law module to determine sharing rights for Legal Profiles – this is different to the AD related User Groups.

 

An Active Directory User Domain contains:

 

      Connection Details - URL, rootDn, username, password used to connect to the Active Directory server.

      Search Bases - optional containers to restrict where Users and Groups are looked up.

      Attributes - mapping of AD User Attributes to SCANNELL User fields.

      Default Groups - Optional Groups to be added to all users in the domain - potentially useful for Sites.

      Mapped Groups - AD Group Distinguished Names and their corresponding SCANNELL Group.

      Mapped Departments - AD Department Attribute values and their corresponding SCANNELL Department.

 

When an AD User logs in, SCANNELL checks their password against AD and then retrieves all of their Attributes and AD Groups.

 

All Users in the AD domain can be updated in SCANNELL by clicking Synchronise.

 

Any AD User who is not a member of any mapped group is de-activated.

 

Users belonging to an AD User Domain cannot be manually updated in SCANNELL.
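
The group resolution described above (Mapped Groups, Default Groups and de-activation of users with no mapped group) can be modelled as follows. This is an added illustration, not SCANNELL's own code: the class, function and group names and the DNs are hypothetical, and it assumes that DNs are compared case-insensitively and that Default Groups are only applied to users who remain active.

```python
import re
from dataclasses import dataclass, field


def normalise_dn(dn: str) -> str:
    """Lower-case a DN and drop spaces around unescaped RDN separators."""
    return re.sub(r"\s*(?<!\\),\s*", ",", dn.strip()).casefold()


@dataclass
class UserDomain:  # hypothetical model of an AD User Domain
    mapped_groups: dict[str, str]  # AD group DN -> SCANNELL group
    default_groups: list[str] = field(default_factory=list)

    def __post_init__(self):
        # Index by normalised DN so "CN=X, OU=Y" and "cn=x,ou=y" both match.
        self._by_dn = {normalise_dn(dn): g for dn, g in self.mapped_groups.items()}

    def resolve(self, member_of: list[str]) -> tuple[bool, list[str]]:
        """Return (active, groups) for the AD group DNs a user belongs to."""
        mapped = {self._by_dn[n] for n in map(normalise_dn, member_of) if n in self._by_dn}
        if not mapped:
            # Not a member of any mapped group: the user is de-activated.
            return False, []
        # Assumption: default groups are added only for users who stay active.
        return True, sorted(mapped | set(self.default_groups))


def synchronise(domain: UserDomain, ad_users: dict[str, list[str]]) -> dict:
    """Resolve every AD user, as the Synchronise action does for the whole domain."""
    return {name: domain.resolve(groups) for name, groups in ad_users.items()}


# Constructed sample data (not from a real directory).
DOMAIN = UserDomain(
    mapped_groups={
        "CN=EHS-Admins,OU=Groups,DC=example,DC=com": "Administrator",
        "CN=EHS-Audit,OU=Groups,DC=example,DC=com": "Audit User",
    },
    default_groups=["Site Dublin"],
)
AD_USERS = {
    "alice": ["cn=ehs-audit, ou=Groups, dc=example, dc=com",
              "CN=Staff,OU=Groups,DC=example,DC=com"],
    "bob": ["CN=Staff,OU=Groups,DC=example,DC=com"],
}

if __name__ == "__main__":
    for user, (active, groups) in synchronise(DOMAIN, AD_USERS).items():
        print(user, "active" if active else "de-activated", groups)
```

Running the same resolution over a directory export before a group is unmapped or renamed shows which accounts would be de-activated by the next Synchronise.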